We use SentinelOne as our antivirus software, and we have been getting incidents involving "Program Files\*company name*\online backup\Cloud.Backup.Scheduler.exe".
Is this file expected while using MSP360? What is the recommended manner in dealing with SentinelOne as it pertains to MSP360 in order to avoid false positive incidents? Is it recommended to enter the Signer Certificate for Cloud.Backup.Scheduler.exe? And if so, can you tell me the Signer Certificate for this?
Thank you.
What is the program reporting? I think you'll need to follow whitelisting procedures with that product, and you may be able to submit the binary to SentinelOne for exclusion, but I'm not sure exactly what the report is. If you want to provide more details you can do so here.
There's another customer with the same report in the system. I think the best thing for you to do would be to open up a support case directly with the support team. I've added your comments to that particular case. You can submit logs from that machine using the Tools diagnostic toolbar option to get things started.
It's reporting it as a threat, though we have experienced false positives before, especially pertaining to MSP360 components.
The following threat indicators are given:
INDICATORS (5)
Evasion
  - Internal process resource was manipulated in memory.
  - Attempt to evade monitoring using the Process hollowing technique.
Exploitation
  - Shellcode execution was detected.
Privilege Escalation
  - Suspicious Kerberoasting attack. Too many SPN tickets requests.
It's best to work with support on this as there's an open case already with another customer reporting similar false positives with SentinelOne. Please submit the logs and work with the support team on a resolution if you're unable to whitelist the application using the posted SentinelOne articles.
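The original question asks which Signer Certificate to enter for Cloud.Backup.Scheduler.exe; the thread never states it, but it can be read off the binary itself. The following PowerShell snippet is an added example (not from MSP360, SentinelOne or the thread) that reports the Authenticode signer, its thumbprint and the file hash on the affected machine; the path keeps the report's *company name* placeholder, which must be replaced with the real vendor folder.

```powershell
# Added example: inspect the Authenticode signature of the flagged binary so the
# signer details can be checked against the vendor's published signer before
# they are used for a signer-based exclusion. The default path is a placeholder
# taken from the incident text; replace *company name* with the actual folder.
param(
    [string]$Path = "C:\Program Files\*company name*\online backup\Cloud.Backup.Scheduler.exe"
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path (replace the *company name* placeholder with the vendor folder)"
}

$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

# Summarise everything an exclusion or a support case would need in one object.
$report = [pscustomobject]@{
    File             = $Path
    SHA256           = $hash.Hash
    SignatureStatus  = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
    Signer           = $sig.SignerCertificate.Subject
    SignerIssuer     = $sig.SignerCertificate.Issuer
    SignerThumbprint = $sig.SignerCertificate.Thumbprint
    SignerNotAfter   = $sig.SignerCertificate.NotAfter
    TimeStamper      = $sig.TimeStamperCertificate.Subject
}
$report | Format-List

# A signer-based exclusion only makes sense when the signature chain validates;
# an unsigned or tampered file should stay quarantined and go to support instead.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)': do not exclude this file by signer."
}
```

Compare the Signer and SignerThumbprint values with what MSP360 support confirms for their release, not just the name string, before adding any exclusion; the SHA256 and signature status are also what the support case will want alongside the diagnostic logs.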